3094 matches found
CVE-2022-0094
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
CVE-2023-29935
llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced...
SLP Find Attributes
The remote server understands Service Location Protocol (SLP), a protocol that allows network applications to discover the existence, location, and configuration of various services in an enterprise network environment. Services listed via SLP may include a number of attributes. These attributes ar...
SUSE CVE-2023-26934
REJECT DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This record is a reservation duplicate of CVE-2019-9587. Notes: All CVE users should reference CVE-2019-9587 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage...
OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...
Oracle E-Business Suite security vulnerability
Oracle E-Business Suite is a fully integrated global business management software suite from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle iProcuremen...
Read The Manual Locker: A Private RaaS Provider
By Trellix · April 13, 2023. This blog was written by Max Kersten. The underground intelligence was obtained by N074B07. Another day, another ransomware-as-a-service (RaaS) provider, or so it seems. We’ve observed the “Read The Manual” (RTM) Locker gang,...
GHSA-JPH3-3J24-PG3J thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to DOM cross-site scripting (XSS) because it fails to sanitize user input in the configuration privacy note URL parameter. This has been fixed in 3.1.12...
PT-2023-17310 · Thorsten · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12. Description: The issue is related to Cross-site Scripting (XSS) - DOM, where the software fails to sanitize user input in the configuration privacy note URL parameter. This allows for potential...
PT-2023-20852 · Llvm +1 · Llvm +1
Name of the Vulnerable Software and Affected Versions: LLVM version a0dab4950. Description: The issue is related to a segmentation fault in the mlir::outlineSingleBlockRegion function. It is noted that third parties dispute this as a vulnerability because the LLVM security policy excludes issues...
XSS to RCE found in Trilium
Vulnerability Type: Remote Code Execution (RCE). Authentication Required? No. Affected Location: - Search Notes Search Ancestor Output - Jump to Note Search Note Output - New Tab Search Notes Output. Issue Summary: The application contains a vulnerability where HTML characters within the title name of...
The vulnerability of the fill_files_note() function (fs/binfmt_elf.c) in the Linux kernel’s file system support subsystem, which allows an attacker to cause a service failure
The vulnerability of the fill_files_note() function (fs/binfmt_elf.c) in the Linux kernel’s file system support subsystem is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
Malicious Package
Overview: fluent-ui-react-latest is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
CVE-2023-27974
Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default...
Number withdrawn
This CVE number has been withdrawn...
CVE-2023-27560
Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields...
CVE-2023-26934
REJECT DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This record is a reservation duplicate of CVE-2019-9587. Notes: All CVE users should reference CVE-2019-9587 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage...
CVE-2023-24812
Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag (notes/search-by-tag). This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to...
CLSA-2023-1676570255 Update of nss
Update to CKBI 2.60 from NSS 3.86 - Added: - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - Certificate "Certainly Root E1" - Certificate "Certainly Root R1" - Certificate "DigiCert SMIME ECC P384 Root G5" - Certificate "DigiCert SMIME RSA4096 Root G5" - Certificate...